BugTraq
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1504

http://www.vulnerability-lab.com/get_content.php?id=1505

View Video: https://www.youtube.com/watch?v=Ad0wHlH

Wing FTP Server Remote Code Execution vulnerability 2015-06-05
alex_haynes outlook com
Exploit Title: Wing FTP Server Remote Code Execution vulnerability
Product: Wing FTP Server
Vulnerable Versions: 4.4.6 and all previous versions
Tested Version: 4.4.6
Advisory Publication: 05/06/2015
Latest Update: 05/06/2015
Vulnerability Type: Improper Control of Generation of Code [CWE-94]
CVE Re

[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities 2015-06-05
alex_haynes outlook com
Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities
Product: Wing FTP Server
Vulnerable Versions: 4.4.6 and all previous versions
Tested Version: 4.4.6
Advisory Publication: 05/06/2015
Latest Update: 05/06/2015
Vulnerability Type: Cross-site Request Forgery [CWE-352]
CVE Refere

CA20150604-01: Security Notice for CA Common Services 2015-06-04
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----

CA20150604-01: Security Notice for CA Common Services

Issued: June 4, 2015

CA Technologies Support is alerting customers to multiple potential
risks with products that bundle CA Common Services on Unix/Linux
platforms. A local attacker may exploit these vulnerab

[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access 2015-06-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04695307

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04695307
Version: 1

HPSBGN03343 re

CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] 2015-06-04
pan vagenas gmail com
# Exploit Title: CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
# Date: 2015/06/01
# Exploit Author: Panagiotis Vagenas
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://zanematthew.com/
# Software Link: https://downloads.wordpress.org/plugin/zm-aj

[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability 2015-06-05
alex_haynes outlook com
Exploit Title: Wing FTP Server Remote Code Execution vulnerability
Product: Wing FTP Server
Vulnerable Versions: 4.4.6 and all previous versions
Tested Version: 4.4.6
Advisory Publication: 05/06/2015
Latest Update: 05/06/2015
Vulnerability Type: Improper Control of Generation of Code [CWE-94]
CVE Re

IBM Watson (Cognea) - XSS and Redirect Vulnerabilities 2015-06-04
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting & Redirect
# Vendor: www.ibm.com
# Product: IBM Watson Cloud Computing SaaS (Cognea)
# Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/
# Credit: Jerold Hoong

The logout.jsp page function of the IBM Watson (Cognea) SaaS application is
vuln

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) 2015-06-03
Pedro Ribeiro (pedrib gmail com)
Hi,

tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE.
SysAid have informed me they all have been fixed in 15.2, but no
re-test was performed.

Full advisory below, and a copy can be obtained at [1].
5 Metasploit modules have been released and currently awaiting merge
in the moderat

[SECURITY] [DSA 3278-1] libapache-mod-jk security update 2015-06-03
Markus Koschany (apo gambaru de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3278-1 security (at) debian (dot) org
http://www.debian.org/security/ Markus Koschany
June 03, 2015

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability 2015-06-03
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability

EMC Identifier: ESA-2015-091

CVE Identifier: CVE-2015-0541

Severity Rating: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

· RSA Web Threa

Local PHP File Inclusion in ResourceSpace 2015-06-03
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23258
Product: ResourceSpace
Vendor: Montala Limited
Vulnerable Version(s): 7.1.6513 and probably prior
Tested Version: 7.1.6513
Advisory Publication: May 6, 2015 [without technical details]
Vendor Notification: May 6, 2015
Vendor Patch: June 1, 2015
Public Disclosure: June 3, 20

Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability 2015-06-03
banana88 inbox com

Document Title:
===============
Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1503

Release Date:
=============
2015-06-03

Vulnerability Laboratory ID (VL-ID):
=========================

Safari Address Spoofing - Impact, Code, How It Works, History 2015-06-03
David Leo (david leo deusen co uk)
Impact:
"It works on fully patched versions of iOS and OS X"
Reference:
http://arstechnica.com/security/2015/05/safari-address-spoofing-bug-could-be-used-in-phishing-malware-attacks/

Code(JavaScript):
function f()
{
location="http://www.dailymail.co.uk/home/index.html?random="+Math.random();
}
set

[SECURITY] [DSA 3249-2] jqueryui security update 2015-06-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3249-2 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
June 02, 2015

[SECURITY] [DSA 3277-1] wireshark security update 2015-06-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3277-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 02, 2015

WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability 2015-06-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1500

Release Date:
=============
2015-06-01

Vulnerability Laboratory ID (VL-ID):
=================================

vfront-0.99.2 CSRF & Persistent XSS 2015-06-02
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt

Vendor:
==============
www.vfront.org

Product:
===================================================================================
vfront-0.99.

Enhanced SQL Portal 5.0.7961 XSS Vulnerability 2015-06-02
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt

Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php

Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration appli

Freebox OS Web interface 3.0.2 XSS, CSRF 2015-06-01
huyngocbk gmail com
Hello list,

Here are two CVEs I reported to Freebox, a French ISP:
- CVE-2014-9382 - CSRF in VPN user account creation
- CVE-2014-9405 - XSS

Vulnerable product: Freebox OS Web interface 3.0.2.

CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation
===========

t2'15: Call for Papers 2015 (Helsinki / Finland) 2015-06-01
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'15 - Call For Papers (Helsinki, Finland) - October 29 - 30, 2015
#

Why spend your valuable conference time in the longest lines you have seen in your life, getting a sunburn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] 2015-06-01
pan vagenas gmail com
# Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CVE: CVE-201

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] 2015-06-01
pan vagenas gmail com
# Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CV

WebDrive Buffer OverFlow PoC 2015-06-01
banana88 inbox com
#!/usr/bin/python
#Exploit Title:WebDrive Buffer OverFlow PoC
#Author: metacom
#Vendor Homepage: http://www.webdrive.com/products/webdrive/
#Software Link: https://www.webdrive.com/products/webdrive/download/
#Version: 12.2 (build # 4172) 32 bit
#Date found: 31.05.2015
#Date published: 31.05.201

Ektron CMS 9.10 SP1 - XSS Vulnerability 2015-05-31
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.102)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.114)
# Credit: Jerold Hoong

# PROOF OF CONCEPT (XSS)

Cross-site scripting

Ektron CMS 9.10 SP1 - CSRF Vulnerability 2015-05-31
jerold v00d00sec com
# Vulnerability type: Cross-site Request Forgery
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.114)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.120)
# CVE ID: CVE-2015-3624
# Credit: Jerold Hoong

# PROOF OF CONCEP

[SECURITY] [DSA 3276-1] symfony security update 2015-05-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3276-1 security (at) debian (dot) org
http://www.debian.org/security/ David Prevot
May 31, 2015

[SECURITY] [DSA 3269-2] postgresql-9.1 regression update 2015-05-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3269-2 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 31, 2015

[SECURITY] [DSA 3275-1] fusionforge security update 2015-05-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3275-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2015

[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information 2015-05-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04521018

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04521018
Version: 1

HPSBMU03223 r

Copyright 2010, SecurityFocus